Skip to content

Commit

Permalink
Add windows code sign to CI (janhq#712)
Browse files Browse the repository at this point in the history 
Co-authored-by: Hien To <[email protected]>
  • Loading branch information
@hiento09 @hientominh
hiento09 and hientominh authored Nov 24, 2023
1 parent df1148e commit beafa67
Show file tree
Hide file tree
Showing 2 changed files with 97 additions and 15 deletions.
104 changes: 97 additions & 7 deletions .github/workflows/jan-electron-build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,34 @@ on:
tags: ["v[0-9]+.[0-9]+.[0-9]+"]

jobs:
create-draft-release:
runs-on: ubuntu-latest
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
outputs:
upload_url: ${{ steps.create_release.outputs.upload_url }}
version: ${{ steps.get_version.outputs.version }}
permissions:
contents: write
steps:
- name: Extract tag name without v prefix
id: get_version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV && echo "::set-output name=version::${GITHUB_REF#refs/tags/v}"
env:
GITHUB_REF: ${{ github.ref }}
- name: Create Draft Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref_name }}
release_name: "${{ env.VERSION }}"
draft: true
prerelease: false

build-macos:
runs-on: macos-latest
needs: create-draft-release
environment: production
permissions:
contents: write
Expand All @@ -28,7 +54,12 @@ jobs:

- name: Update app version base on tag
run: |
make update-app-version
if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: Tag is not valid!"
exit 1
fi
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
mv /tmp/package.json electron/package.json
env:
VERSION_TAG: ${{ steps.tag.outputs.tag }}

Expand Down Expand Up @@ -59,6 +90,7 @@ jobs:

build-windows-x64:
runs-on: windows-latest
needs: create-draft-release
permissions:
contents: write
steps:
Expand All @@ -80,18 +112,71 @@ jobs:
- name: Update app version base on tag
shell: bash
run: |
make update-app-version
if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: Tag is not valid!"
exit 1
fi
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
mv /tmp/package.json electron/package.json
env:
VERSION_TAG: ${{ steps.tag.outputs.tag }}

- name: Build and publish app
- name: Build uikit
run: |
make build-and-publish
cd uikit
yarn config set network-timeout 300000
yarn install
yarn build
- name: Install yarn dependencies
shell: powershell
run: |
yarn config set network-timeout 300000
yarn build:core
yarn install
$env:NITRO_VERSION = Get-Content .\plugins\inference-plugin\nitro\version.txt; echo $env:NITRO_VERSION
yarn build:plugins
yarn build
- name: Windows Code Sign with AzureSignTool
run: |
dotnet tool install --global AzureSignTool
cd ./electron/dist
azuresigntool.exe sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.globalsign.com/tsa/r6advanced1 -v "jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe"
- uses: actions/[email protected]
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-draft-release.outputs.upload_url }}
asset_path: ./electron/dist/jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe
asset_name: jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe
asset_content_type: application/octet-stream

- uses: actions/[email protected]
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-draft-release.outputs.upload_url }}
asset_path: ./electron/dist/jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe.blockmap
asset_name: jan-win-x64-${{ needs.create-draft-release.outputs.version }}.exe.blockmap
asset_content_type: text/xml

- uses: actions/[email protected]
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-draft-release.outputs.upload_url }}
asset_path: ./electron/dist/latest.yml
asset_name: latest.yml
asset_content_type: text/yaml

build-linux-x64:
runs-on: ubuntu-latest
needs: create-draft-release
environment: production
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
Expand All @@ -118,7 +203,12 @@ jobs:

- name: Update app version base on tag
run: |
make update-app-version
if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: Tag is not valid!"
exit 1
fi
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
mv /tmp/package.json electron/package.json
env:
VERSION_TAG: ${{ steps.tag.outputs.tag }}

Expand All @@ -129,7 +219,7 @@ jobs:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

update_release_draft:
needs: [build-macos, build-windows-x64, build-linux-x64]
needs: [build-macos, build-windows-x64, build-linux-x64, create-draft-release]
permissions:
# write permission is required to create a github release
contents: write
Expand Down
8 changes: 0 additions & 8 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,6 @@ ifeq ($(OS),Windows_NT)
else
cd uikit && yarn install && yarn build
endif
# Updates the app version based on the tag
update-app-version:
if [[ ! "${VERSION_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then \
echo "Error: Tag is not valid!"; \
exit 1; \
fi
jq --arg version "${VERSION_TAG#v}" '.version = $version' electron/package.json > /tmp/package.json
mv /tmp/package.json electron/package.json

# Installs yarn dependencies and builds core and plugins
install-and-build: build-uikit
Expand Down

0 comments on commit beafa67

Please sign in to comment.